Starbucks Corp. said Friday it had lost track of four laptop computers, two of which had private information on about 60,000 current and former U.S. employees and fewer than 80 Canadian workers and contractors.

The data, which includes names, addresses and Social Security numbers, is about three years old, dating prior to December 2003, said Valerie O'Neil, a spokeswoman for the Seattle-based coffee retailer.

... O'Neil said Starbucks was in the process of notifying those affected, including an estimated 8 percent of its current work force, which numbers about 135,000 worldwide.

Starbucks has been looking for the laptops since early September after discovering they were missing from a closet in the corporate support center at its south Seattle headquarters, O'Neil said.

Posted: 4:23 PM - Intermountain Healthcare will destroy the hard drives of all recycled computers after an old laptop containing the names, job titles, social security and telephone numbers of 6,200 employees was donated to a second-hand store and sold for $20.

The customer who bought the laptop from Deseret Industries discovered a single spreadsheet on a laptop whose memory was otherwise erased, [Something fishy here... Bob] said LDS Hospital spokesman Jess Gomez.

... The DI customer took the machine to television station KUTV [proof you can't hide these incidents? Bob] which alerted Intermountain and returned the computer about two weeks ago.

"Keep in mind this is a 14-year-old computer that sat in storage until last month when it was donated to DI," Gomez said. "We feel very confident that no information was compromised in any way."

The Veterans Affairs Department is dealing with two new data security lapses affecting about 3,000 people.

About 1,600 veterans who received pulmonary tests at the VA hospital in Manhattan are being provided free credit counseling after the Sept. 8 theft of a laptop computer from a lab.

VA officials said the stolen laptop, which contained names and Social Security numbers of veterans who had received tests, had been triple-locked — in a locked corridor inside a locked room and secured by a cable to a cart, said VA spokeswoman Jo Schuda.

Some 80 percent of VA-owned computers are now encrypted, but data on this laptop was not because a decision had been made not to encrypt data being used for medical purposes. [“We call it our 'HIPAA be damned' policy” Bob]

... While that investigation was under way, VA officials learned of more missing data when computer disks containing the names and personal data on about 1,400 Oklahoma veterans were lost in the mail.

The disks contained information about veterans who had been treated at a McAlester, Okla., community-based outpatient clinic.

The disks included information on current and deceased patients at the clinic.

“It should not have been mailed, and they have promised to not mail anything like this again,” Schuda said.

I hadn’t seen this piece when it came out in July. The Value of the Public Domain by Rufus Pollock is an excellent analysis of how one might quantify the value of the public domain. It nicely introduces what otherwise strikes many as counterintuitive. Highly recommended.

If this had been a TV network, heads would roll and their stock would drop like a stone.

The NBA and Google Video have terminated their landmark partnership, which was announced to much ballyhoo earlier this year. All games, which had been previously available for a fee, have been pulled down from Google. [Not worth keeping even as an extra marketing channel? Bob] This includes last year's NBA Finals. If you follow the links on this page, you will note that all of the games are gone.

In the meantime, the NHL and Google yesterday announced that hockey games are now available for free [When they are done with the court, we turn it into an ice rink... Bob] on Google Video. Even better, you can download them for your iPod. That's wonderful for consumers, but it points to Google's bigger problems when it comes to video.

My gut is that Google is having a lot of difficulty selling content on Google Video. If the NBA were making money with Google, you can bet they would have stayed there. In fact, they probably would have used it as a platform to promote their new League Pass Broadband service - but they didn't.

Now, enter YouTube. If Google can't sell video content on its own video property you can bet they will have the same challenge on the newest addition to their family. The only way they will make up their $1.6B is in advertising - provided the copyright issues don't kill YouTube first. Possible? For sure. But Google better hope that the Transient Web doesn't take over.

A long article with lots of quotes, but I'd rather see the original document.

At what point do we wake up from this e-voting story nightmare and have someone reassure us it was only a dream? Every day, there's yet another story about how badly screwed up these machines are. Today, we've got a treat, as it's not actually about Diebold, but their competitor, Sequoia Voting Systems. It turns out that on the back of some of their machines used in California, there's a little yellow button. If you push it, you can vote multiple times by switching the machine to "manual" mode. In true geek fashion, Sequoia has responded with (I kid you not) their own version of "that's not a bug, that's a feature!" They claim it's a "deliberate back-up feature to prevent the Edge from having a single point of failure." Hey, preventing single points of failure is great, but when they introduce a totally different point of failure, that's not so good. But, according to the company, this is the type of "flexibility" they've always provided. I didn't realize that "flexibility" was something desired in an e-voting system. Generally, you'd think people would prefer them to be pretty rigid, but to work right -- and not allow multiple votes. Sequoia claims that use of this feature emits a loud beeping noise, and they'll train poll workers to listen for that -- but that doesn't seem like the most reliable method. We've heard so many stories of confused and technology-illiterate voting officials that it's hard to believe they'll remember this or know what to do if it happens. The company says it will address the issue after next week's election -- but that any district using them can choose to simply turn off this "feature." So, if you're voting in California and you have an AVC Edge e-voting machine from Sequoia, and you have a bit of moral flexibility, apparently you can support your favorite candidate just that much more.

I don't normally report “pending” law or regulation since they rarely arrive in the form reported in the early articles, but this one interests me. Perhaps we should escape while we can? To where though...

We're All Prisoners, Now: US Citizens to be Required ''Clearance'' to Leave USA

International Politics October 26, 2006

Forget no-fly lists. If Uncle Sam gets its way, beginning on Jan. 14, 2007, we'll all be on no-fly lists, unless the government gives us permission to leave-or re-enter-the United States.

The U.S. Department of Homeland Security (HSA) has proposed that all airlines, cruise lines-even fishing boats-be required to obtain clearance for each passenger they propose taking into or out of the United States.

... Why might the HSA deny you permission to leave-or enter-the United States? No one knows, because the entire clearance procedure would be an administrative determination made secretly, with no right of appeal. Naturally, the decision would be made without a warrant, without probable cause and without even any particular degree of suspicion. Basically, if the HSA decides it doesn't like you, you're a prisoner - either outside, or inside, the United States, whether or not you hold a U.S. passport.

The U.S. Supreme Court has long recognized there is a constitutional right to travel internationally. Indeed, it has declared that the right to travel is "a virtually unconditional personal right." The United States has also signed treaties guaranteeing "freedom of travel." So if these regulations do go into effect, you can expect a lengthy court battle, both nationally and internationally.

Your organisation has a computer and internet use policy. Fine. It's been reviewed by corporate counsel, approved by senior management, and implemented over the years. The policy is comprehensive - it includes policies on expectations of privacy, employee monitoring, and the ownership of corporate electronic assets.

... However, there is a genuine divergence between what companies say and what they do. There is also a divergence between what employees regurgitate about their expectations of privacy (corporate mantra) and how they actually act. My own answer to the question, "do I have a reasonable expectation of privacy in the workplace?" – of course! What we really need to do is better define the scope of that reasonable expectation of privacy.

... The electronic workplace is no longer just the cubicle, desk or office. It now encompasses the coffee shop, the hotel room, the back of the taxi, the living room or bedroom.

... If nobody in the company has a privacy interest in electronic records, then how can the company resist a subpoena, search warrant, or even a warrantless search, since the courts only protect a reasonable interest in privacy?

... In effect, the court held that the actual policy of not monitoring content created, in the users, an expectation of privacy, which the court found to be reasonable.

It's official: the US leads the UK in compliance culture - but is it damaging New York as a financial centre?

Email monitoring? Tapped mobile calls? Switchboard snooping? It's all going on, according to a new survey which claims that New Yorkers are more aware of compliance breaches and monitored electronic communication - but they are also more likely to try to dodge communication controls.

The survey, conducted simultaneously in the financial districts of New York and London in October 2006, revealed a key difference in regulatory compliance culture: while Wall Street employees broadly support a firm's right to monitor their communication, they are also more likely to circumvent communication controls. A total of 300 people working in the Wall Street and City areas of New York and London, two of the world's busiest financial districts, were surveyed. The research discovered that:

- In New York more than 60% of respondents thought that it was right that their employer should monitor their e-mail. By contrast, in London less than half (38%) supported their firm's right to monitor e-mail.

- Employees in the New York finance sector are under heaviest scrutiny. In New York almost three quarters of respondents who worked in the finance sector thought their e-mail was already monitored (74%), compared to 62% of London finance workers. Only 28% of non-finance employees in New York believe their e-mail is monitored.

- New Yorkers are more likely to try to dodge e-mail monitoring:

- 60% admitted that they had sent something that they 'didn't want their employer to know about' using webmail. This compared to 42% of London respondents.

- More than seven out of ten New York-based finance workers admitted they had received an e-mail that broke corporate or regulatory policies, compared to just 36% of London City employees. Non-compliant communication is not just a problem in the finance sector; over half of non-finance workers in New York and London admitted to receiving e-mails that broke corporate policy (52% and 57% respectively).

TOPEKA, Kan. -- The state attorney general said Tuesday night that his office has received the records of 90 patients from two abortion clinics and is reviewing them for possible crimes, the culmination of an effort that prompted concerns over patient privacy.

... Shawnee County District Judge Richard Anderson subpoenaed the records at Kline's request in September 2004, concluding there was probable cause to believe they contained evidence of crimes.

While Anderson didn't give Kline unfettered access to the records, the state Supreme Court imposed new guidelines for having them reviewed and edited before they were given to the district court. Under that process, neither Kline nor the judge saw the names of the patients.

The beating of a registered offender by an alleged vigilante Tuesday night could spur calls to protect sex offenders' privacy, making it more difficult for law enforcement to track predators, an inspector with the Mason County Sheriff's Office fears.

... Dennis A. Clark, 51, remained at the Mason County Jail Thursday on suspicion of first-degree burglary [Not assault? Bob] and had his first court appearance Thursday.

... In Mason County, deputies also go out and give information about sex offenders to residents who live near them, Byrd said.

The Data Privacy and Integrity Advisory Committee of the Department of Homeland Security recommended against putting RFID chips in identity cards. It's only a draft report, but what it says is so controversial that a vote on the final report is being delayed.

PHILADELPHIA, Pennsylvania (AP) -- A laptop computer stolen from an insurance brokerage firm contained the names, birth dates and driver's license numbers of more than 1,200 Villanova University students and staff members, the school said Thursday.

The UK Information Commissioner, Richard Thomas, today issued a press release and a publication titled, A Surveillance Society (102 pages, PDF), a report commissioned for the International Conference of Data Protection and Privacy Commissioners, currently underway. The report "looks at surveillance in 2006 and projects forward ten years to 2016. It describes a surveillance society as one where technology is extensively and routinely used to track and record our activities and movements. This includes systematic tracking and recording of travel and use of public services, automated use of CCTV, analysis of buying habits and financial transactions, and the work-place monitoring of telephone calls, email and internet use. This can often be in ways which are invisible or not obvious to ordinary individuals as they are watched and monitored, and the report shows how pervasive surveillance looks set to accelerate in the years to come."

I'm certain others are doing this. Next they may want to knock on your door for an examination of your National ID and a scan of your sub-cutaneous RFID chip, a DNA sample... Imagine the lengths they would go to if you wanted access to something involving National Security!

Anheuser-Busch Cos. is set to become the first major brewer to weed out underage visitors to its Web sites by hiring an outside firm to check their age.

... The screening process likely will ask visitors for a name, age and address, including zip code, Ponturo said. The data can be matched against public records such as driver's licenses and voter registration cards.

... Anheuser-Busch is walking a fine line between keeping minors off its Web sites without turning away too many people. [The more effort required to access a site, the larger the reward must be. Perhaps free beer? Bob] The company hopes to draw between 3 million and 5 million visitors to Bud.TV each month.

The Web Science Research Initiative plans interdisciplinary course addressing the growing amount of online information and the rules to moderate it

By Ben Ames, IDG News Service November 02, 2006

A group of professors has formed a research collaboration to train students how to design future versions of the World Wide Web.

One of their first lessons will be how to strike a balance between better access to data and stricter rules about its use, said researchers from the Massachusetts Institute of Technology (MIT) and England's University of Southampton at an MIT press conference Thursday.

The Web Science Research Initiative (WSRI) hopes to create a college degree program in "Web science" that combines disciplines including computer science, mathematics, neuroscience law and economics. It will also raise funding for doctorate students to study at MIT and the University of Southampton.

These guys are at Lackland (Texas). Perhaps they could attend a Privacy Foundation seminar and tell us what to watch out for in a CyberWar.

Last Friday Thierry Zoller and Kevin Finistere gave a presentation in the Hack.lu 2006 conference on Bluetooth issues. They also showed a demo of BTCrack, a Windows tool that can crack Bluetooth PIN and Linkkey in almost real-time (assuming it has sniffed the initial pairing).

It turns out that record labels and movie studios aren't the only companies that treat their customers like criminals. So do writers of investment newsletters. The investment newsletter industry is basically what it sounds like. A company or an individual writes up a regular (often monthly) report filled with forecasts and picks and then sends it to clients, for what is typically a rather high fee. But they know content like this is easily copied and passed around, so some of them, even in this day and age, are sent on physical paper by mail, in an attempt to make it just a little more difficult to re-distribute it than forwarding an email. The writer of one newsletter, who does distribute it electronically, is suing one of its corporate customers for copying it and passing it around. And how did he find this out? Because through his website, he installed spyware on the computers of all his clients that tracks what happens to the document. Even if he successfully sues the company, you really have to wonder about whether this was a good idea. Now all of his corporate clients, of which there are many, know him as a distributor of spyware, so either they'll stop doing business with the guy -- or maybe they'll get someone from IT to just disable it.

Note that even if the machines are secure (a BIG if) you could intercept the results at several steps along the way...

Surprise! More Diebold Problems As They Expose Memory Cards To Viruses

from the didn't-see-that-coming dept

As if there haven't been enough problems with Diebold e-voting equipment (all of which they pretty much brush off or ignore), Ed Felten, who has been pointing out numerous security flaws with Diebold machines, has found another one. It turns out that the memory cards that are used to store votes on some of the machines, the same memory cards that Felten showed were susceptible to viruses, are being placed into a variety of laptops that have not been checked to make sure they're free of spyware. Apparently, election workers are expected to put the memory cards into laptops in order to transfer the votes to CD-ROM (and, no, I won't even start to get into why you should need to transfer votes to CD-ROM). The laptops in question, though, were either the election workers' personal laptops or a bunch that were just "gathered from around the office." How many of those laptops (especially the personal ones) do you think are infected with spyware and viruses? Especially when you consider how many election workers are freaking out over the new machines because they're not at all technically savvy. What kind of e-voting company would think it's somehow "secure" to require people to transfer votes using their personal laptop? In the meantime, of course, we eagerly await Diebold's expected brushing off of this story, complete with insults directed at Felten (as per usual) and some sort of claim about how the whole thing isn't a problem at all due to some bogus "security" procedure they have in place.

Australia To Tax Money From Second Life, But Can Money Spent On Your Avatar Be A Write-Off?

from the H&R-Block-Next-To-Set-Up-In-Second-Life dept

There continues to be a lot of discussion about the real world implications of activity inside virtual worlds. One of the issues is how to deal with taxation, and it appears that Australia has taken the lead, announcing that they plan to tax money made in virtual worlds, specifically citing Second Life Linden Dollars. A spokesperson for the country's tax office said that if you're getting monetary benefit from the site, then it should be taxed like any other income. What's not clear is when the money is taxed. Do they tax you when you've cashed in your Linden Dollars for Australian Dollars? If they did this, the policy would make sense, as it's basically like a capital gains tax, which is levied after someone sells their stock. Or, do they tax the player based on their Linden Dollars even if they don't cash out? This would be a ridiculous policy as it would basically be taxing people for playing a game. Assuming it's the former, the taxation occurs after withdrawing the money, it could be a real boon for Second Life, as it would discourage people from taking money out of the in-game economy.

The business models that will replace those used by media industries are becoming clearer every day.

One of the important things in business is being able to be aware enough and flexible enough that you're rarely (if ever) caught by surprise. You can watch for trends and do scenario planning to help with these types of things -- but apparently some folks in the entertainment industry don't believe in that kind of planning ahead (if they'd only contacted us, we could have helped). So, now, it seems that they're running into all sorts of problems that were easily predictable five years ago. Take the TV industry, for example. Five years ago, they should have paid attention to the various disputes between musicians and the recording industry over digital rights. Contracts had been written in a time before the internet, and no one was exactly sure who got what cut in the royalties and whether or not it was really covered by existing contracts. That, of course, should have been the signal for those in the video business to start looking at their contracts and figuring it all out before it became a problem for them as well. And, of course, not very much happened. So, now, as we hear stories about Google negotiating to give entertainment companies a nice upfront lump of cash to allow their videos online, writers, directors and actors are suddenly wondering what it all means for them. They want to know what their cut will be. Considering that the industry execs have a long, long history of figuring out ways to take the money without paying the talent, they absolutely should be worried.

These are the type of legacy issues that should have been clear from years ago -- and which seem to have been ignored by the execs. Either that or they knew about them and figured they would have the leverage in the end anyway, so there was no reason to negotiate. Of course, these kinds of legacy issues don't just impact the content creation side of the business. Business Week is writing about the difficulties HBO is facing in designing its own online strategy -- since any such plan routes around the cable TV providers who pay good money (and make nice profits) being the only way to get HBO's sought after content. Again, this should have been clear years ago, but it sounds like everyone's just trying to figure out how to get around the legacy issues now.

UK report: knowledge should be public good first, private right second

11/2/2006 9:36:09 AM, by Nate Anderson

The UK is awaiting the release of a report by the Gowers Review of Intellectual Property, a task force charged with suggesting changes to the country's intellectual property laws. The formation of the commission has inspired a flurry of private books and reports on IP designed to influence debate on the subject. While many of these are exactly as interesting as you'd expect, a new report from the Institute for Public Policy Research offers a fascinating look at the reasons behind intellectual property rights and suggests a new way forward for Britain: thinking about knowledge as a public resource first, and a private asset second. Is this idealistic, anti-business pinko blue-skying? The group says no.

A two-year effort by Logan International Airport officials to shut down private alternatives to the airport's $8-a-day wireless Internet service was decisively rejected yesterday by federal regulators, who blasted airport officials for raising bogus legal and technological arguments.

Thursday, November 02, 2006

Once again the media has called on Prof. John Soma to put some perspective on the Privacy implications of a recent story about theft of a computer with personal identity information... I'd like to see the whole list of things that might (should?) happen to managers who allow this to happen.

EBay building bombed: Exclusive IMs from an eBayer inside the building

Firefighters rushed to eBay's San Jose headquarters last night after an explosion in a four-story eBay building. First thought to be a transformer, the cause is now being reported as a bomb.

A live TV report from last night is available at KRON 4. If you have any information, photos, or first-hand accounts, e-mail tips@valleywag.com. A reader sends the following IM conversation they had with an eBay employee in the building.

My friend was working late at eBay tonight when there was a large explosion within the building.

Michael Porter Asks, and Answers: Why Do Good Managers Set Bad Strategies?

Published: November 01, 2006 in Knowledge@Wharton

Errors in corporate strategy are often self-inflicted, and a singular focus on shareholder value is the "Bermuda Triangle" of strategy, according to Michael E. Porter, director of Harvard's Institute for Strategy and Competitiveness.

... During his remarks, Porter stressed that managers get into trouble when they attempt to compete head-on with other companies. No one wins that kind of struggle, he said. Instead, managers need to develop a clear strategy around their company's unique place in the market.

... Managers who think there is one best company and one best set of processes set themselves up for destructive competition. "The worst error is to compete with your competition on the same things," Porter said. "That only leads to escalation, which leads to lower prices or higher costs unless the competitor is inept." Companies should strive to be unique, he added.

... Years ago, corporate strategy was considered a secret known only by top executives for fear competitors might use the information to their advantage, said Porter. Now it is important for everyone in the organization to understand the strategy and align everything they do with that strategy every day. Openness and clarity even help when coping with competition. "It's good for a competitor to know what the strategy is. The chances are better that the competitor will find something else to be unique at, instead of creating a zero-sum competition."

Posted by samzenpus on Wednesday November 01, @07:05PM from the learning-all-about-you dept.

narramissic writes "The Center for Digital Democracy (CDD) and the U.S. Public Interest Research Group (US PIRG) have filed a complaint with the FTC, asking for an investigation into Microsoft's use of customer data collection in its adCenter Web advertising service. The groups claim that 'Microsoft has embarked on a wide-ranging data collection and targeting scheme that is deceptive and unfair to millions of users.' Microsoft, for its part, says the groups 'have got it all wrong.'"

I wonder if a collection (or searchable database) of campaign ads would result in screams from the candidates (or perhaps a new law banning “politician stalking”)

Politicians and their operatives are no dummies. YouTube might have started out as a site for ordinary people to post their own videos, but it is now well seeded with videos produced by candidates -- both focusing on themselves and on their opponents.

... Call it "Election 2.0." Call it the revenge of voters tired of watching the increasingly negative 30-second ads on network television. Whatever the reason, it is clear that voters are going outside mainstream media -- far outside -- to learn more about the candidates and the issues.

Consider YouTube, says Robb Hecht, an adjunct marketing professor at the City University of New York's Baruch College and social tech media strategist.

"Its role in this year's elections cannot be underestimated," he tells the E-Commerce Times. "While people need to tune into CNN, they also need to check out YouTube's vault of political videos and sites like WhereIStand.com to find out where [the politicians] stand on issues."

CEO says he wishes he could have been more "focused" during meetings with private investigators

By Robert Mullins, IDG News Service November 01, 2006

Hewlett-Packard Co. Chairman and Chief Executive Officer (CEO) Mark Hurd has an incomplete recollection of details of a crucial internal meeting on the HP board scandal, according to new information released Wednesday.

Spock, a start-up that wants to make it easier to find personal information about people on the web, has launched its private beta.

Type in a name, and Spock says it can serve up a picture, address, occupation, interests and other information. Conversely, you can type in an occupation and location ("Rodeo Clown, Lubbock") and it will spit up people that fit that category.

... Spock's public beta hasn't started, but the founders told VentureBeat that it will have 100 million profiles.

No word on whether Leonard Nimoy is filing suit against them yet. Oh, humans, you are so irrational.

Negotiating ploy? Perhaps they want to be treated like North Korea and have a Chinese pipeline supply them with fuel oil for those cold Seattle winters?

Posted by samzenpus on Wednesday November 01, @09:31PM from the make-them-count dept.

jcatcw writes "One-third of Americans will use voting machines next week that have never before served in a general election. Computerworld.com provides an overview of e-voting in each of the 50 states and the District of Columbia — equipment, systems for voter registration, polling, significant legal challenges to the systems, previous media coverage, links to government watchdog sites, the vendors, technologies and laws that are important to the issue, and a review of 'Hacking Democracy.'"

A Morocco-born computer virus that crashed the Department of Homeland Security's US-VISIT border screening system last year first passed through the backbone network of the Immigrations and Customs Enforcement bureau, according to newly released documents on the incident.

The documents were released by court order, following a yearlong battle by Wired News to obtain the pages under the Freedom of Information Act. They provide the first official acknowledgement that DHS erred by deliberately leaving more than 1,300 sensitive US-VISIT workstations vulnerable to attack, even as it mounted an all-out effort to patch routine desktop computers against the virulent Zotob worm.

... U.S. District Judge Susan Illston reviewed all the documents in chambers, and ordered an additional four documents to be released last month. The court also directed DHS to reveal much of what it had previously hidden beneath thick black pen strokes in the original five pages.

"Although defendant repeatedly asserts that this information would render the CBP computer system vulnerable, defendant has not articulated how this general information would do so," Illston wrote in her ruling (emphasis is Illston's).

A before-and-after comparison of those documents offers little to support CBP's security claims. Most of the now-revealed redactions document errors officials made handling the vulnerability, and the severity of the consequences, with no technical information about CBP's systems. (Decide for yourself with our interactive un-redaction tool.)

It's one thing to be the victim of identity theft where the crook uses your identity to get loans, lines of credit and credit cards, but it's taken to an entirely different level when it's the CEO of a well-known company, and the victims are his employees. That's apparently what happened with Compulinx. Apparently, the company needed some money, and rather than raising it the old-fashioned way, the CEO and his nephew are accused of taking the data they had on file of some of the company's 50 employees, and using them to get loans, lines of credit and credit cards. The employees were apparently totally unaware that their CEO was pretending to be them, and sometimes claiming (falsely) that they were officers of the company.

In the last year or so, the concept of "spear phishing" has gained a lot of popularity. Rather than broadly phishing by sending out emails pretending to be from companies with huge numbers of users/customers such as eBay or Citibank, spear phishing is much more targeted, and sometimes much more devious. It is often sent directly to people at a certain organization, made to look like it comes from someone at that organization and designed to play on what that organization does. It seems that some phishing scammers went one step further last week, using a spear phishing attack on employees of the Dekalb Medical Center. The email itself appeared to come from the medical center and told the employees they were being laid off. It included a link to a website supposedly for "career-counseling information," but actually directing people to a website that automatically downloaded a keylogger program. Enough employees were freaked out enough by the notice that they didn't consider it might be a scam, and clicked on the link. Once again, it shows how the scammers continue to adjust and adapt, and how difficult it can be to spot some of these types of scams.

Shocker: Radio Station That Gives Listeners What They Want Grows Its Audience

from the are-you-listening dept

The WSJ has an interesting story looking at the success a Los Angeles-based public radio station, KCRW, has had by embracing the internet and new media. It reads like the antithesis of super-sized commercial radio companies who, like their record-industry cousins, have been dragged kicking and screaming into the digital age. KCRW offers a large number of its shows as podcasts, the most popular of which attracts more than 1 million downloads per month. This has helped drive listeners to its online streams and -- would you look at that -- the number of listeners has shot up. So much, in fact, that it gets more online visitors than it does terrestrial listeners. Some are quick to say that public stations like KCRW can do things like this more easily than commercial stations, because they're under less pressure to turn a profit. [Larger audiences mean higher ad rates. What part of that don't they understand? Bob] "They have less to lose," as one analyst puts it, sounding a lot more like a big-radio exec, since it's really a matter of radio stations -- commercial or public -- having a lot to gain from the internet. While it's true that the likes of KCRW don't have the profitability demands of commercial stations, they still have costs to cover and a business model to support. KCRW relies on listener donations for about half its budget, and estimates that just about 6 percent of those come from online listeners. But it understands that a far better way to generate revenues from online listeners is from underwriting, or advertising, as it's called in the commercial world. And as its online audience grows not only in size, but in geographic scope, as well, it's turning its attention to securing national underwriters, rather than just local ones. The station's not resisting the internet, it's embracing it and realizing that growing its audience, even if listeners are outside its local market, is a good thing. And that seems like a lesson that could very easily translate to the realm of commercial radio.

Sony is demonstrating that they can screw up in multiple business areas at the same time!

Posted by Zonk on Tuesday October 31, @10:31AM from the can't-a-megacorp-get-a-break dept.

An anonymous reader writes "As the DOJ continues its investigation into RAM price fixing, it has started looking at Sony's operations. With all the negative press Sony has been getting, this couldn't come at a worse time."

From the article: "The Japanese company received a subpoena from the Justice Department's antitrust division seeking information about Sony's static random access memory, or SRAM, business, company spokesman Atsuo Omagari said. 'Sony intends to cooperate fully with the DOJ in what appears to be an industrywide inquiry,' the company said in a short statement."

The Security Freeze Law: Allows consumers, who are either identity theft victims or are concerned that they might be at risk of having their identities stolen, to cut off an identity thief's access to credit, loans, leases, goods and services by placing a "freeze" on their consumer credit report.

The Disposal of Personal Records Law: Requires any business to properly dispose of records containing personal information or risk a civil penalty of up to $5,000.

The Anti-Phishing Act of 2006: Prohibits the deceptive solicitation of personal information through electronic communications, including sending e-mails to Internet users, falsely claiming to be a legitimate enterprise in an attempt to scam the user into surrendering private information.

Journal written by narramissic (997261) and posted by kdawson on Tuesday October 31, @05:59PM

from the just-say-no dept.

narramissic writes, "Your tax dollars at work. The U.S. Federal Trade Commission has launched an online quiz-show style game called Buddy Builder to test young users' abilities to spot potential threats on social networking Web sites. Naturally, the teen audience this is intended to reach is not going to go near the game except as a joke."

[From the comments: It's more likely to be a how-to for perverts and pedophiles than anything else since children won't go near it.]

"Previous e-card attacks and resulting infections have been slanted more toward denial of service, spam relay and virus propagation -- this one is much more dangerous to users because their financial information is at risk," Minoo Hamilton, senior vulnerability researcher for nCircle, told TechNewsWorld.

... Researchers at Exploit Prevention Labs recently uncovered a major cyber criminal ring operating in Australia using what appear to be Yahoo Greetings e-cards to infect thousands of computer users with malicious keylogger malware. Attackers used the malware to steal credit card numbers, bank account usernames and passwords and other personal information.

Why was this computer connected to both the Water system control and the Internet at the same time? Could have been a Nuke plant...

Attackers believed to be operating outside the U.S. gain access to computers at a Pennsylvania water treatment plant

By Robert McMillan, IDG News Service November 01, 2006

An infected laptop gave hackers access to computer systems at a Harrisburg, Pennsylvania, water treatment plant earlier this month.

The plant's systems were accessed in early October after an employee's laptop computer was compromised via the Internet, and then used as an entry point to install a computer virus and spyware on the plant's computer system, according to a report by ABC News.

The incident is under investigation by the U.S. Federal Bureau of Investigation, but no arrests have been made in the matter, said Special Agent Jerri Williams of the FBI's Philadelphia office. The attackers are believed to have been operating outside of the U.S.

Williams said that the hackers do not appear to have targeted the plant. "We did not believe that they were doing it to compromise the actual water system, but just to use the computer as a resource for distributing e-mails or whatever electronic information they had planned," she said.

Still, the FBI is concerned that even without targeting the system itself, this malicious software could have interfered with the plant's operations, Williams said.

Had the breach targeted the water plant, it could have had grave consequences, according to Mike Snyder, security coordinator for the Pennsylvania section of the American Water Works Association. "It's a serious situation because they could possibly raise the level of chlorine being injected into the water... which would make the water dangerous to drink."

After the terrorist attacks of September 11, 2001, computer security at U.S. water systems was beefed up, but water systems may still be tied to administrative networks that are connected to the Internet, Snyder said. "Sometimes if a hacker is pretty good, he can get into the computer via the administrative network," he said.

In the Harrisburg case, a laptop computer was apparently the source of the intrusion. Snyder said that laptops are used in the industry because water systems often have many different locations that need to be monitored. "Because of the way the water systems work, it is convenient to be able to use a laptop to check tank levels."

The U.S. Environmental Protection Agency knows of no other similar incidents occurring in the region, said Rick Rogers, the chief of the agency's drinking water branch for the mid-Atlantic region.

Rogers was not able to comment directly on the matter, since the breach is under investigation. "We are looking into it and working with the state and the water utility industry," he said. "But it is a concern that somebody was able to get into a system like this."

Includes some “Accessibility” guidelines too. Good source of non-copyright material.

Press release, October 30, 2006: "HHS Secretary Mike Leavitt today announced the publication of the 2006 edition of the popular Research-Based Web Design & Usability Guidelines. Based on the latest research, the Guidelines now include over 40 new or updated guidelines and have become a primary resource for government and other Web communicators. The updated guide is being published by HHS in partnership with the General Services Administration (GSA)."

U.S. Intel Community Using Innovative Tech to Expand Homeland Security

U.S. News reports on a range of new programs sponsored by DHS that leverage innovative technology applications (wikis and blogs) and educational programs to expand and improve the effectiveness of homeland security goals and objectives.

Diebold Trying To Stop Documentary On E-Voting Problems; Complains About Wrong Film

from the opening-the-dialog,-huh? dept

On Monday, we wrote about how it suddenly appeared that e-voting concerns were going mainstream, not even realizing that HBO was preparing to show a documentary called "Hacking Democracy." In that post, I linked to a Fortune article that is actually somewhat more encouraging about e-voting's number one target: Diebold. Beyond giving the history of the company, it suggested that the company more or less recognized that they had been both "stupid" and "naive" in getting into the e-voting business, without understanding anything about it. It also noted that almost all of the company's top execs have recently been replaced -- and even said that the company is considering getting out of the e-voting business altogether. All of these suggest that the company actually recognizes that they've screwed up big time. That's a big step forward, since every time a new problem comes up they react by brushing it off (often with outright lies), attacking their critics or simply cracking jokes about their security problems. And, by now, it should be clear that the security problems are very, very real.

So, with all of that, perhaps it was wishful thinking to hope that the new Diebold management would be a bit more willing to engage in discussion over issues, rather than just attack. Of course, given all of the recent problems the company has had, followed by the same old, same old response, it seems clear that the company hasn't learned a thing. To make that clear, rather than dealing with the problems, they're working hard behind the scenes (and failing) to convince HBO to cancel the documentary. They claim that the documentary is filled with false and inaccurate statements -- which would be more believable if (a) the company ever owned up to any of its mistakes and (b) they had actually seen the movie (which they haven't, apparently). In fact, the points that Diebold raised in their letter apparently refer to an entirely different film called Voter Gate, which has nothing to do with the documentary HBO will be showing. Diebold claims it's by the same people, but it's not. Now, isn't that a surprise? Diebold can't even accurately figure out who's involved in a movie about them.

Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP, Windows 2003 Server and DOS.

Eraser is Free software and its source code is released under GNU General Public License.

... The site currently has about 600 million listings and about 204 million registered users.

... This one, in particular, is striking: 1.3 million people make all or part of their living selling on eBay.

... eBay's storage engineering team (numbering "in the teens," Strong said) utilizes 2 petabytes of raw digital space on a daily basis to run the site and store its data, yet has to add about 10 terabytes of new storage every week to cover new transactions, Strong said.

... eBay maintains four copies of most of its databases, according to Strong.

... Today, we present a rundown of success stories from all spheres that open source touches. Whether through profit margins, spreading the technology to areas thought well outside its reach (check out stories regarding the open-source car project and the open-source film production), or just simply generating greater public awareness, the success of this truly world-changing technology is everywhere.

... An open-source course? Of course

Popular blogger Scott Granneman recently reported that those revolutionary folks over at University of California at Berkeley have begun a course entitled “Open Source Development and Distribution of Digital Information: Technical, Economic, Social and Legal Perspectives.” The course is cross-listed for the Informatics Systems major as well as an elective for law. Granneman recommends checking out the syllabus’ book list, because “for those of you just interested in the open source movement as a whole, this is a great compendium of readings that'll keep you busy for a while.”

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.